Hi Adam,

On Mon, 2011-07-04 at 11:11 +0200, Adam Borowski wrote:
> On Mon, Jul 04, 2011 at 08:49:59AM +0200, Kilian Krause wrote:
> > 1. Using dh-autoreconf is ugly. Please try to avoid it and backport the
> > full regenerated configure in your patch to make sure the source is
> > identical on all buildds. IMHO dh-autoreconf is a solution for a local
> > build that you maintain for yourself outside of Debian, but not for an
> > official package.
>
> You mean, you want to discourage actually building from source?

Absolutely not. It should be the source. But a known working one. Not
something that may end up working by chance.

> That's a huge disservice, especially in case the security team has to make a
> fix and suddenly realizes the package hasn't been able to build from the
> real source for years.

That exactly was my idea too. To ship a source that is known and can be
predicted regarding changes. If a security upload would be required but
autoconf generates a broken configure due to some circumstances that
couldn't be predicted at the time the package was uploaded to unstable, this
is bad and will cause more time to be spent than what would actually be
required for *only* fixing the bug.

In other words I did say: generate whatever dh-autoconf would get you
dynamically, test it, put it together as a patch and ship that patch
statically for everyone to read what exactly the change is instead of
hushing it up inside a large set of deep magic (that in my experience may or
may not work based on "random" circumstances - depending on the upstream
sources).

--
Best regards,
Kilian